Insights from the E.U.—Creating and Sustaining a Strong Organisational Culture

daniel-kline.png

Earlier this month I had the opportunity to moderate three roundtables across Europe—in Copenhagen, Paris and London—where more than 30 leading ethics and compliance executives discussed their challenges and opportunities around creating a strong organisational "speak-up" culture.

Similar to the roundtables we held last autumn in Stockholm and Geneva, the executives who participated shared some great insights and practical takeaways organisations in EMEA and across the globe can use to strengthen their programs today.

Top recommendations and insights gleaned from executives at the roundtables include:

1) Build Awareness of Compliance Programmes—and Showcase Results

Organisations can’t rely on one big launch to spread the word about their ethics and compliance programmes, said executives. Key programme messages need to continue to be advertised so they stay in the forefront of employee’s minds. As you launch your compliance programme, treat it like an exercise in internal branding. Get marketing involved to help really sell and market the programme internally. This will help to embed the programme in the hearts and minds of employees.

Furthermore, in the experience of the executives at the roundtable, the biggest help in truly shifting culture occurs when organisations consistently and openly talk about their ethics and compliance programmes—and demonstrate and share results.

Practical Takeaways:

  • Find ways to demonstrate that senior leadership endorses the programme; employees take their cues from the top.
  • Broadcast select issues (anonymised of course) to the entire staff and show them how an incident was addressed and resolved.
  • Showcase the positive benefits that the ethics programme is bringing to the company, employees, shareholders and customers.
  • Find opportunities to reinforce the organisation’s commitment to speak-up culture—such as a corporate newsletters, company-wide meetings or other avenues.

2) Encourage Employees to “Speak Up” and Report

As an example of the importance of getting employees to speak up, we discussed a statistic from the CEB’s Compliance and Ethics Leadership Council: 40% of misconduct is lost or never reported and a further 50% is siloed or trapped so it never reaches ethics and compliance. Beyond encouraging whistleblowing, having an incident management system in place to ensure reports are routed to the right people so they can be tracked and investigated is critical.

Employees are much more likely to report when they feel they won’t be retaliated against—and trust that their management team will investigate their report thoroughly and rigorously. If employees feel uneasy about any of the above, executives say, it impacts the integrity of the entire system and employees are unlikely to report at all.

Practical Takeaways:

  • When you first launch a new programme, reporters will likely choose to submit issues anonymously. As employees learn to trust the system, more will come forward with a named report. If, after the programme is well-established, you’re still getting a high volume of anonymous instead of named reports, it may be that employees fear retaliation.
  • Give feedback so reporters know that their issue is being investigated. You should have a secure way to communicate with anonymous reporters.
  • Train managers on how to handle reports and deal with reporting employees sensitively. As importantly, managers must have a way to “report the report” so it gets routed to the right people and it can be tracked and investigated ASAP.

3) Make Sure Employees Understand Programme Expectations & Reporting Options

The foundation of any compliance programme needs to be stated in clearly defined behavioural and ethics standards in an organisation’s Code of Conduct and other policies. Clear reporting lines are also essential—ideally issues should start with a manager, then go up to internal compliance teams. Employees should use an anonymous hotline as a last resort if uncomfortable with other reporting options.

Practical Takeaways:

  • Launching a programme in the U.K. should be different than launching a programme in the Philippines. Localise programme rollouts using regional resources.
  • Use a program launch as a chance to give a face to compliance—introduce the entire compliance team to your employees and find ways to stay visible. Nothing beats face-to-face interaction.
  • Make sure that the plan is actually being implemented—do periodic checks when travelling on site and/or conducting risk assessments.

4) Measure Your Programme to Spot Trends and Improve Effectiveness

Organisations can and should be measuring programme effectiveness by tracking outcomes and trends, say executives. These critical pieces of data will help inform the future development and growth of your ethics and compliance programmes, and help best protect your organisation.

Practical Takeaways:

  • Use your report data to spot trends and patterns. For example, if you get multiple reports from a specific region or on a specific topic, you may have a larger overarching issue to address.
  • Closely monitor case resolution time. Reasonable resolution times help build trust amongst reporters and reduce risk within the business. (NAVEX Global recommends a best-practice target of 30 days for case closure time.)
  • Employee engagement surveys are a great way to gauge effectiveness and perception of compliance programmes internally. Ask the hard questions: Are you afraid of retaliation? Do you believe that reports will be acted on? The results of this kind of qualitative survey are measurable and can show trends over time.

Conclusion

A strong culture of ethics and transparency—where employees feel encouraged to speak up, and where all reports are properly handled—is one of the best risk mitigation tools an organisation can have.


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


Seven Training Imperatives to Address Your Biggest Cyber Security Risk: Employee Behavior

While there are many processes an organization should consider implementing to maintain strong cyber security, employee education is the key to early threat detection and issue remediation. Training—whether online or in-person—can help significantly reduce risks in this area. Learn more about what key messages and concepts cyber security training should include to best protect your organization.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Do Your Confidentiality and Employment Agreements Violate SEC Whistleblower Protection Rules?

As the SEC takes aim at whistleblower “pretaliation” (attempts to muzzle whistleblowers via confidentiality and other employment agreements) ethics and compliance officers need to take practical steps to ensure whistleblower protection—and add it to their organization’s risk management list.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments